ActiveX all over again?
>>But is an AIR application secure, given that ... applications have the same access to the hard drive as the user? Lynch talks about ways in which users are protected. "The application installer is signed, and then the end user is informed about the rights this application is going to have,” he says. Beyond that, Adobe is relying on brand trust and internet reputation to help users make safe choices. He adds that AIR is not making the internet's security problems any worse.<<
Isn't this just what Microsoft used to say about ActiveX?
If these AIR things are easy to write, and people happen to like the stuff they do, then people will install them as merrily as they add Facebook applications today, or even as gaily as they head to cool websites. The fun stuff doesn't come from sources with "brand trust". Facebook apps and websites can't easily damage your computer, of course, so this works well - average users don't need to be security experts.
Before AIR dies, there'll be certificate impersonations (Victim: “Hey, it said it was signed by Аdobe!”. Adobe: “No, that wasn't us. Shame you didn't notice that A was cyrillic - Unicode 0410, not 0041. Goodbye.”) Then will come such smug declarations as: “When PCs started out, people were putting floppy disks on their refrigerators with a magnet, stapling disks together, and not backing up files. Gradually, people caught on. They adopted [other] practices, and the same thing will happen on the Internet.” (That was John Browne, Microsoft's product manager for Internet security, talking about ActiveX in 1996.)